The GDBF are committed to protecting your personal data. Personal data is any information relating to an identified or identifiable person.
This privacy notice explains what to expect when the [name of data controller] collect your personal information. There are several policies and procedures which support this privacy notice, these are listed in Section 11 below.
- Data controller(s)
The data controller is: GDBF, Church House, College Green, GL1 2LY.
- For Safeguarding purposes the reasons why we collect and use your personal data:
We collect and use your personal information to carry out our safeguarding responsibilities including the following activities:
- Undertaking risk assessments;
- Investigating safeguarding allegations;
- Maintaining records and case files regarding safeguarding incidents and/or investigations;
- Providing training;
- Providing support to individuals involved in safeguarding cases; including assessing the need for counselling;
- Ensuring the safety of those that work for or are employed by the institutional Church of England, including contractors and office holders, members of the Church of England and the public;
- Providing advice to Church of England bodies regarding managing safeguarding incidents or cases;
- Liaising with and responding to public, statutory and regulatory enquiries (including legal and independent reviews and inquiries), local authorities and courts and tribunals;
- Being involved in litigation, dispute resolution and judicial process (including liaison with external advisers);
- Publishing resources, reports and reviews;
- Undertaking research and statistical analysis; and
- Managing archived records for historical and research reasons, including the management and administration of access our collections.
- The categories of personal data we collect:
The types of information we process include:
- Marital status;
- Job title/position;
- Dates (birth, joined, ordination, education, death etc.);
- Contact information – work and personal (Address; phone numbers);
- Family names and details, including wider family;
- Lifestyle and social circumstances;
- Socio-economic details;
- Employment and appointments;
- Education details;
- Training attendance/certification; and
- Housing needs;
Special categories of information may include:
- ethnic origin;
- trade union membership;
- sex life; or
- sexual orientation; and
- criminal allegations, proceedings or convictions, including DBS status;
- current, retired and prospective clergy;
- employees (see wording below);
- individuals involved in or connected with legal claims, inquiries, reviews and dispute resolution;
- professional advisers and consultants;
- individuals whose safety has been put at risk;
- children and parents/ carers;
- complaints of misconduct and unlawful acts;
- details of misconduct and unlawful acts e.g. the nature of any allegations; and
- individuals who may pose a risk.
The following types of documents or correspondence may be processed:
- Records of alerts, notifications, concerns or allegations;
- Disciplinary, case and personal files;
- Risk Assessments;
- Confidential declaration forms;
- Recruitment documentation e.g. DBS checks;
- Training records;
- Minutes of meetings;
- Correspondence, including letters, emails etc.;
- Telephone call notes;
- Records of enquiries, advice sought or provided;
- Records provided by the police or statutory agencies; and
- Notifications to external parties e.g. police, local authorities, the Charity Commission, insurers etc.
- The lawful basis for using your information
We collect and use personal data as explained below.
- Consent – we will obtain your consent to process your data for assessing and providing counselling and support.
- Legitimate interest – we may need to process your information to undertake safeguarding tasks, including doing all that we reasonably can to ensure that no-one is at risk of harm during Church of England activities.
Legitimate Interest Assessment
We have undertaken a Legitimate Interest Assessment, and the summary below sets out why we have a legitimate interest.
|We have a specific purpose with a defined benefit||The processing is an essential part of the Church of England’s response to the dealing with safeguarding matters to protect individuals from harm, in particular those that are the most vulnerable, (children and/or vulnerable adults).|
|The processing is necessary to achieve the defined benefit.||The processing is necessary to investigate an allegation/concern effectively or help improve safe working practices in and around Church activities and ensure that the Church is a safe place for everybody.|
|The purpose is balanced against, and does not override, the interests, rights and freedoms of data subjects.
|There is the risk of significant harm to others if unsuitable individuals are appointed to positions of authority and responsibility where they can be trusted by others. Similarly, there is a risk of harm to individuals where safe working practices are not adopted or cannot be reviewed and improved. The duty to protect individuals from harm, overrides any risks to the rights and freedoms of data subjects as appropriate safeguards have been put in place.|
For a copy of the full Legitimate Interest Assessment, please contact Judith Knight, Church House, College Green. GL1 2LY], whose details are set out at section 10 below.
- Legal obligation – we may need to process your information in order to comply with a legal obligation, such as under the Inquiries Act 2005 which may compel us to provide personal data for the purposes of a statutory inquiry, or a referral to the Disclosure and Barring Service under the Safeguarding Vulnerable Groups Act 2006, or an order of a court or tribunal.
Special categories & criminal information
- Explicit Consent – we will obtain your explicit written consent to process your data to assess the need for, and the provision of counselling and support, and to share it with 3rd
- Substantial public interest (protecting the public against dishonesty etc.) – we may need to process your information where necessary for the protection of members of the public generally against seriously improper conduct, and from any failures in connection with, the Church of England’s activities, or for safeguarding purposes.
This lawful basis is applied in the UK only, with reference to the GDPR Article 9(2)(g), and the Data Protection Act 2018 Schedule 1 Part 2, paragraph 11 and paragraph 18.
- Legal claims – we may need to process your information where there is a legal claim, or in connection with a judicial process.
- Archiving – we may keep your information for archiving purposes in the public interest, and for scientific or historical research purposes or statistical purposes.
- Who we collect from or share your information with:
Where necessary (or required), we collect from or share information with:
- Parishes e.g. Parochial Church Councils (PCCs) and relevant PCC members, diocesan bodies, bishops’ offices and cathedrals.
- candidates, prospective employees, employees or other staff members (including contractors, workers, consultants and volunteers, including members of any “Core Group”)
- legal representatives
- parties and individuals involved in or connected with legal claims, inquiries, reviews and dispute resolution (including mediation and arbitration)
- healthcare, social and welfare organisations or providers of health, social care or welfare services
- educational institutions
- governance bodies and committees
- 3rd party data processors
- local and central government
- both houses of parliament and members of parliament
- regulatory and statutory bodies
- law enforcement and prosecuting authorities
- courts and tribunals and providers of legal services
- members of the judiciary
- charitable, religious and voluntary organisations
- survey and research organisations
- statutory, public, regulatory or other legal or independent reviews or inquiries, including any “lessons learned” reviews
- Data transfers outside the EEA
The GDBF does not share your information with countries outside of the UK or EEA routinely. If required to do so to meet our purpose, we will put in place the necessary safeguards.
- How long do we keep your information?
There’s often a legal and/or business reason for keeping your information for a set period, as stated in our retention schedule.
We are committed to ensuring that your personal data is secure. We limit access to data on a need to know basis and test our security practices and technologies.
If a data breach does occur, we will do everything in our power to limit the damage. In the case of a high-risk data breach, and depending on the circumstances, we will inform you about the breach and any remedial actions to prevent any further damage. We will also inform the Information Commissioner’s Office of any qualifying data breaches.
- Your personal data will not be used for any automated decision making
- Your rights
You have the following rights regarding your personal data, subject to exemptions:
- The right to request a copy of your personal data
- The right to rectify your data if you think it is inaccurate or incomplete
- The right to request that your data being erased, in certain circumstances
- The right to restrict processing of your data, in certain circumstances
- The right to request that we transfer your data to you or another organisation, in certain circumstances
- The right to object to our processing of your data if the process forms part of our public tasks, or is in our legitimate interests
- The right to withdraw your consent at any time
- The right to request that we transfer your data to you or another organisation, in certain circumstances (only applies to data held online)
- Complaints or concerns
You have the right to make a complaint at any time to the Information Commissioner at https://ico.org.uk/concerns/ or Information Commissioner’s Office, Wycliffe House, Water Lane Wilmslow Cheshire SK9 5AF, Tel: 0303 123 1113.
- Reference documents
For further information on GDBF please go to: https://www.gloucester.anglican.org/
For further information on our safeguarding work please go to: https://www.gloucester.anglican.org/about-us/safeguarding/
For further information on our national safegurding policies please see:
Promoting a Safer Church policy statement 2017: https://www.churchofengland.org/safeguarding/promoting-safer-church-safeguarding
Protecting All God’s Children (safeguarding policy for children and young people) (2010);
Promoting a Safer Church (safeguarding policy for adults) (2006)
For further information on retention please see Safeguarding Records Retention Toolkit December 2015:
Records management guides | The Church of England;
For further information on our safeguarding duties and responsibilities, please see
Practice Guidance: Safer Recruitment 2016 policy:
Practice Guidance: Responding to, assessing and managing safeguarding concerns or allegations against church officers (2017):
Responding to Safeguarding Concerns or Allegations that relate to Children, Young People and Vulnerable Adults Practice Guidance (2018):
Working Together to Safeguard Children (July 2018)